[AutoPR- Security] Patch edk2 for CVE-2025-3770 [MEDIUM] #65

Draft pull request: wants to merge 1 commit into base: 3.0-dev
46 changes: 46 additions & 0 deletions SPECS/edk2/CVE-2025-3770.patch
@@ -0,0 +1,46 @@
From 48d5b0a7b11a656d3ff58542900d318ec811f638 Mon Sep 17 00:00:00 2001
From: John Mathews <[email protected]>
Date: Fri, 30 May 2025 11:06:49 -0700
Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Safe handling of IDT register on
SMM entry

Mitigates CVE-2025-3770

Do not assume that IDT.limit is loaded with a zero value upon SMM entry.
Delay enabling Machine Check Exceptions in SMM until after the SMM IDT
has been reloaded.

Signed-off-by: John Mathews <[email protected]>
Signed-off-by: rpm-build <rpm-build>
Upstream-reference: https://github.com/tianocore/edk2/commit/d2d8d38ee08c5e602fb092f940dfecc1f5a4eb38.patch
---
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
index 644366b..6e1cd45 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
@@ -113,7 +113,7 @@ ProtFlatMode:
mov eax, strict dword 0 ; source operand will be patched
ASM_PFX(gPatchSmiCr3):
mov cr3, rax
- mov eax, 0x668 ; as cr4.PGE is not set here, refresh cr3
+ mov eax, 0x628 ; as cr4.PGE is not set here, refresh cr3

mov cl, strict byte 0 ; source operand will be patched
ASM_PFX(gPatch5LevelPagingNeeded):
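Review bot: the comment on the changed line (`; as cr4.PGE is not set here, refresh cr3`) no longer describes what this hunk actually changes: 0x668 to 0x628 clears bit 6 (CR4.MCE) from the initial CR4 value, so machine-check exceptions stay disabled until the later `bts rax, 6`. Add a comment stating that, for example `; CR4.MCE intentionally not set yet, see SmiHandlerIdtrAbsAddr: enabled only after the SMM IDT is loaded`, otherwise a future cleanup may restore 0x668 and silently reintroduce the condition the commit message describes (relying on the IDT state the CPU entered SMM with).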
@@ -204,6 +204,10 @@ SmiHandlerIdtrAbsAddr:
mov ax, [rbx + DSC_SS]
mov ss, eax

+ mov rax, cr4 ; enable MCE
+ bts rax, 6
+ mov cr4, rax
+
mov rbx, [rsp + 0x8] ; rbx <- CpuIndex

; enable CET if supported
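Review bot: the new `mov rax, cr4 / bts rax, 6 / mov cr4, rax` block sits directly after the `mov ss, eax` that follows the `SmiHandlerIdtrAbsAddr` label, which matches the commit message's intent (enable MCE only after the SMM IDT has been reloaded), but the `lidt` itself is outside the visible context; please confirm in the full file that this block is placed after the IDTR load and not merely after the segment register reloads. Also consider replacing the bare `6` with a named bit constant, or extending the comment to `; enable MCE (CR4 bit 6) now that the SMM IDT is in place`, so the ordering dependency is visible at the point of use.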
--
2.45.4

6 changes: 5 additions & 1 deletion SPECS/edk2/edk2.spec
@@ -55,7 +55,7 @@ ExclusiveArch: x86_64

Name: edk2
Version: %{GITDATE}git%{GITCOMMIT}
Release: 8%{?dist}
Release: 9%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain
URL: https://www.tianocore.org
@@ -138,6 +138,7 @@ Patch1002: CVE-2024-4741.patch
Patch1003: CVE-2024-13176.patch
Patch1004: CVE-2024-2511.patch
Patch1005: CVE-2024-4603.patch
Patch1006: CVE-2025-3770.patch

# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
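Review bot: `Patch1006: CVE-2025-3770.patch` is declared here, but the visible hunk does not show it being applied; confirm that %prep applies it (via `%autosetup -p1` or an explicit `%patch -P 1006` line) and that the strip level matches the `a/UefiCpuPkg/...` paths in the patch file. Note also that the patch carries `Signed-off-by: rpm-build <rpm-build>`, which indicates it was regenerated rather than taken verbatim from the commit named in `Upstream-reference:`; a verbatim upstream patch is easier to audit against that URL.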
@@ -799,6 +800,9 @@ done
/boot/efi/HvLoader.efi

%changelog
* Mon Aug 11 2025 Azure Linux Security Servicing Account <[email protected]> - 20240524git3e722403cd16-9
- Patch for CVE-2025-3770

* Thu Apr 24 2025 Jyoti Kanase <[email protected]> - 20240524git3e722403cd16-8
- Fix CVE-2024-38796
